Intrusion Prevention



This indicates an attempt to exploit an arbitrary file overwrite vulnerability in HP Software Update, shipped with many HP systems.
The vulnerability is due to a design weakness in an ActiveX component that is used to download patches and updates for HP software. A remote attacker can exploit the vulnerability by persuading a target user to open a malicious web page that can then overwrite sensitive files on the local file system. By doing this the attacker can corrupt the operating system and/or execute arbitrary code with the privileges of the logged in user.

Affected Products

HP Software Update


System Compromise: privilege escalation

Recommended Actions

Refer to HPSBGN02301 SSRT071508 rev.2 for patch, upgrade, or suggested workaround information:

CVE References